Fixups.

crypto/evp/c_allc.c

@@ -194,7 +194,6 @@ void OpenSSL_add_all_ciphers(void)
 	EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
 	EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
 #endif
-#endif
 
 #ifndef OPENSSL_NO_CAMELLIA
 	EVP_add_cipher(EVP_camellia_128_ecb());

ssl/d1_enc.c

@@ -136,9 +136,9 @@ int dtls1_enc(SSL *s, int send)
 
 	if (send)
 		{
-		if (EVP_MD_CTX_md(s->write_hash))
+		if (s->write_hash)
 			{
-			mac_size=EVP_MD_CTX_size(s->write_hash);
+			mac_size=EVP_MD_size(s->write_hash);
 			if (mac_size < 0)
 				return -1;
 			}
@@ -162,9 +162,9 @@ int dtls1_enc(SSL *s, int send)
 		}
 	else
 		{
-		if (EVP_MD_CTX_md(s->read_hash))
+		if (s->read_hash)
 			{
-			mac_size=EVP_MD_CTX_size(s->read_hash);
+			mac_size=EVP_MD_size(s->read_hash);
 			if (mac_size < 0)
 				return -1;
 			}

ssl/d1_pkt.c

@@ -336,6 +336,7 @@ dtls1_process_record(SSL *s)
 	unsigned char md[EVP_MAX_MD_SIZE];
 	int decryption_failed_or_bad_record_mac = 0;
 	unsigned char *mac = NULL;
+	int i;
 
 
 	rr= &(s->s3->rrec);

ssl/s3_cbc.c

@@ -139,8 +139,7 @@ int tls1_cbc_remove_padding(const SSL* s,
 			    unsigned mac_size)
 	{
 	unsigned padding_length, good, to_check, i;
-	const char has_explicit_iv =
-		s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION;
+	const char has_explicit_iv = s->version == DTLS1_VERSION;
 	const unsigned overhead = 1 /* padding length byte */ +
 				  mac_size +
 				  (has_explicit_iv ? block_size : 0);
@@ -366,9 +365,9 @@ static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
 
 /* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
  * which ssl3_cbc_digest_record supports. */
-char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
+char ssl3_cbc_record_digest_supported(const EVP_MD *digest)
 	{
-	switch (ctx->digest->type)
+	switch (digest->type)
 		{
 		case NID_md5:
 		case NID_sha1:
@@ -402,7 +401,7 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
  * a padding byte and MAC. (If the padding was invalid, it might contain the
  * padding too. ) */
 void ssl3_cbc_digest_record(
-	const EVP_MD_CTX *ctx,
+	const EVP_MD *digest,
 	unsigned char* md_out,
 	size_t* md_out_size,
 	const unsigned char header[13],
@@ -436,7 +435,7 @@ void ssl3_cbc_digest_record(
 	 * many possible overflows later in this function. */
 	OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024);
 
-	switch (ctx->digest->type)
+	switch (digest->type)
 		{
 		case NID_md5:
 			MD5_Init((MD5_CTX*)md_state);
@@ -670,7 +669,7 @@ void ssl3_cbc_digest_record(
 		}
 
 	EVP_MD_CTX_init(&md_ctx);
-	EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */);
+	EVP_DigestInit_ex(&md_ctx, digest, NULL /* engine */);
 	if (is_sslv3)
 		{
 		/* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */

ssl/s3_enc.c

@@ -501,8 +501,8 @@ int ssl3_enc(SSL *s, int send)
 
 		rec->orig_len = rec->length;
 
-		if (EVP_MD_CTX_md(s->read_hash) != NULL)
-			mac_size = EVP_MD_CTX_size(s->read_hash);
+		if (s->read_hash != NULL)
+			mac_size = EVP_MD_size(s->read_hash);
 		if ((bs != 1) && !send)
 			return ssl3_cbc_remove_padding(s, rec, bs, mac_size);
 		}
@@ -643,7 +643,7 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send)
 		/* Chop the digest off the end :-) */
 		EVP_MD_CTX_init(&md_ctx);
 
-		EVP_MD_CTX_copy_ex( &md_ctx,hash);
+		EVP_DigestInit_ex( &md_ctx,hash, NULL);
 		EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
 		EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
 		EVP_DigestUpdate(&md_ctx,seq,8);
@@ -655,7 +655,7 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send)
 		EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
 		EVP_DigestFinal_ex( &md_ctx,md,NULL);
 
-		EVP_MD_CTX_copy_ex( &md_ctx,hash);
+		EVP_DigestInit_ex( &md_ctx,hash, NULL);
 		EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
 		EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
 		EVP_DigestUpdate(&md_ctx,md,md_size);

ssl/s3_pkt.c

@@ -377,7 +377,7 @@ printf("\n");
 		/* !clear => s->read_hash != NULL => mac_size != -1 */
 		unsigned char *mac = NULL;
 		unsigned char mac_tmp[EVP_MAX_MD_SIZE];
-		mac_size=EVP_MD_CTX_size(s->read_hash);
+		mac_size=EVP_MD_size(s->read_hash);
 		OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
 
 		/* orig_len is the length of the record before any padding was

ssl/ssl_locl.h

@@ -1023,9 +1023,9 @@ int tls1_cbc_remove_padding(const SSL* s,
 			    SSL3_RECORD *rec,
 			    unsigned block_size,
 			    unsigned mac_size);
-char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
+char ssl3_cbc_record_digest_supported(const EVP_MD *hash);
 void ssl3_cbc_digest_record(
-	const EVP_MD_CTX *ctx,
+	const EVP_MD *hash,
 	unsigned char* md_out,
 	size_t* md_out_size,
 	const unsigned char header[13],

ssl/t1_enc.c

@@ -631,8 +631,8 @@ int tls1_enc(SSL *s, int send)
 		rec->orig_len = rec->length;
 
 		ret = 1;
-		if (EVP_MD_CTX_md(s->read_hash) != NULL)
-			mac_size = EVP_MD_CTX_size(s->read_hash);
+		if (s->read_hash != NULL)
+			mac_size = EVP_MD_size(s->read_hash);
 		if ((bs != 1) && !send)
 			ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
 		if (pad && !send)
@@ -686,12 +686,10 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
 	SSL3_RECORD *rec;
 	unsigned char *mac_sec,*seq;
 	const EVP_MD *hash;
-	unsigned int md_size;
+	size_t md_size;
 	int i;
-	EVP_MD_CTX hmac, *mac_ctx;
+	HMAC_CTX hmac;
 	unsigned char header[13];
-	int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM));
-	int t;
 
 	if (send)
 		{
@@ -734,31 +732,32 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
 
 	if (!send &&
 	    EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
-	    ssl3_cbc_record_digest_supported(mac_ctx))
+	    ssl3_cbc_record_digest_supported(hash))
 		{
 		/* This is a CBC-encrypted record. We must avoid leaking any
 		 * timing-side channel information about how many blocks of
 		 * data we are hashing because that gives an attacker a
 		 * timing-oracle. */
 		ssl3_cbc_digest_record(
-			mac_ctx,
+		        hash,
 			md, &md_size,
 			header, rec->input,
 			rec->length + md_size, rec->orig_len,
 			ssl->s3->read_mac_secret,
-			ssl->s3->read_mac_secret_size,
+			EVP_MD_size(ssl->read_hash),
 			0 /* not SSLv3 */);
 		}
 	else
 		{
-		EVP_DigestSignUpdate(mac_ctx,header,sizeof(header));
-		EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
-		t=EVP_DigestSignFinal(mac_ctx,md,&md_size);
-		OPENSSL_assert(t > 0);
+		unsigned mds;
+
+		HMAC_Update(&hmac,header,sizeof(header));
+		HMAC_Update(&hmac,rec->input,rec->length);
+		HMAC_Final(&hmac,md,&mds);
+		md_size = mds;
 		}
 		
-	if (!stream_mac)
-		EVP_MD_CTX_cleanup(&hmac);
+	HMAC_CTX_cleanup(&hmac);
 #ifdef TLS_DEBUG
 printf("sec=");
 {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }